I just happened to be unable to log in to my Mac using ScreenSharing (VNC). It is enabled, but probably the firewall is asking if ScreenSharing should be allowed to receive incoming connections… Bummer!

If at least SSH is working, it is possible to disable the firewall completely from the command line. Please be sure to only do this in a secured environment:

sudo defaults write /Library/Preferences/com.apple.alf globalstate -int 0

After this you will have to restart the firewall agent:

sudo launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist
sudo launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist

You should now be able to use ScreenSharing.

Do not forget to re-enable the firewall again after you have finished your work, same procedure, but with 1 instead of 0, of course 🙂

To enable ScreenSharing in general, please read this older post: Activate screen sharing on Mac OS X when you only have SSH enabled

If you want to get a temporary IPv6 address which is not MAC based (so you do not always surf with the same address and can be tracked), you should enter

sudo sysctl -w net.inet6.ip6.use_tempaddr=1

on your Mac’s commandline. You will then get an additional temporary IPv6 address which does not reveal your network card’s MAC address as part of it. This gives a bit more privacy!

Should also work on iPhone/iPad in case of a JB!

Today I was worrying how to get my own CA’s root certificate AND a certificate signed by my own CA into my iPhone.

After reading lots of stuff I finally made it:

First, send an email containing your CA’s root certificate (the .crt file) to an address which you will receive on your iPhone. Open this mail, click onto the attachment – and voila, you will be asked to install that Certificate. Do it 🙂

Your “Identity” – which consists of your client’s .crt and .key files need to be converted into a single PKCS12 .p12 file to be understood by the iPhone.

This conversion can be done by the following command (taken from http://shib.kuleuven.be/docs/ssl_commands.shtml):

openssl pkcs12 -export -in your_iphone_s.crt -inkey your_iphone_s.key -out your_iphone_s.p12 -name “name_of_your_iphone” -CAfile your_ca_s.crt -caname “your_ca_s_name” -chain

You will be asked for an export password which will protect your identity during transmission via email later. If your_iphone_s.key is protected with a password you will probably be asked for that one, too – but this was not the case with my file, so I cannot tell you.

Again, mail the resulting your_iphone_s.p12 to an address which you will receive on your iPhone. Open this mail, click onto the attachment – and voila, you will be asked to install that PKCS12 identity. Do it 🙂

You will be asked for the export password which you entered when creating the .p12 file.

After a fiddling around quite a while I finally managed to compile a working 64bit client of Bacula 5.0.2 for Mac OS X Snow Leopard (10.6.4).

After downloading the source tar.gz from http://www.bacula.org you would untar the file, enter the directory – and there is a special make command make -C platforms/osx to compile the client. This does not work on 10.6.4 and not with 64bit.

My patch (bacula-5.0.2-snowleopard-64bit.patch.gz) can be applied as follows:

• Download bacula-5.0.2.tar.gz from http://www.bacula.org
• tar xvzf bacula-5.0.2.tar.gz
• cd bacula-5.0.2/platforms/osx
• zcat ../../../wherever_you_saved_the_patch/bacula-5.0.2-snowleopard-64bit.patch.gz | patch -p1
• make dmg

You will then find a mountable DMG within the products directory.

My patch is changing the following:

• Runs the file daemon as root after startup of the system
• Creates the config file with a director name of bacula-dir – to change this edit the file resources/postflight.in AFTER patching and replace bacula-dir by your_director_host-dir. This way all your clients already know the director host!
• Compiles a native 64bit executable under 10.6.4 with current SDKs

Hope this will help others!

For whatever reason today my iPhone and my Sennheiser MM 450 did not want to communicate with each other anymore via Bluetooth. I managed to factory reset my headset, but of course wanted to avoid this on my iPhone. But no chance, no new pairing happened and I could not get rid of the old entry of the headset in my iPhone list.

After a lot of searching and playing around I found two files on the iPhone you have to edit:

Convert the first file into editable XML format:

plutil -convert xml1 /private/var/mobile/Library/Preferences/com.apple.MobileBluetooth.devices.plist

Here you will find your device’s MAC address (00:16:94:09:AA:AA) which you will need for the second file:

sqlite3 /Library/Keychains/keychain-2.db

Look for your MAC address in the output of the command

select * from genp;

It will look like this:

54||||||||||||||00:16:94:09:AA:AA|MobileBluetooth||h######a;#########9Hx###fd######a####zo####

To remove that line having a 54 in the first column (with name rowid), enter

delete from genp where rowid=54;

and your iPhone will not know how to talk to your headset anymore and ask for re-pairing.

Of course you will need to have a JB iPhone and the packages com.ericasadun.utilities and sqlite3 available via Cydia!

I hope this saves you a reset of your networking settings as it did for me!

First patch the original source code with this:

--- ./src/filed/restore.c-orig 2009-11-06 10:20:57.000000000 +0100
+++ ./src/filed/restore.c 2009-11-06 10:22:43.000000000 +0100
@@ -153,7 +153,7 @@
uint32_t buf_size; /* client buffer size */
int stat;
ATTR *attr;
- intmax_t rsrc_len = 0; /* Original length of resource fork */
+ int64_t rsrc_len = 0; /* Original length of resource fork */
r_ctx rctx;
/* ***FIXME*** make configurable */
crypto_digest_t signing_algorithm = have_sha2 ?
@@ -547,7 +547,7 @@
continue;
}

Then configure using

./configure --prefix=/usr/local --enable-client-only --with-openssl --with-working-dir=/var/db/bacula --with-pid-dir=/var/run

Run make && sudo make install

Configuration and the like can be found here

Enjoy!

If you are using an unlocked iPhone, you might be getting messages telling you that this call is being forwarded in either direction. You always have to press the OK button to get rid of them – annoying.

To switch this off, you need a JB phone. Then you can log in to the phone using SSH and either convert the file

/System/Library/Carrier Bundles/Unknown.bundle/carrier.plist

so that two keys get different values:

[code lang=”xml”]ShowCallForwarded

ShowCallForwarding
[/code]

A final reboot is needed.

You can do this by converting the binary file into XML using plutil before editing – but if you have that tool already installed you can use the easier method

[code]cd /System/Library/Carrier Bundles/Unknown.bundle/
plutil -key ShowCallForwarding -setvalue 0 carrier.plist
plutil -key ShowCallForwarded -setvalue 0 carrier.plist
reboot[/code]

HTH!
Kic

Just enter the following command:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate -configure -access -on -users your_username -privs -all -restart -agent -menu

That’s it 🙂

If you happen to have firewall issues, please read this post: Remotely disabling Firewall of Mac OS X